Date: Mon, 12 Mar 2012 12:13:15 -0700 From: ebiederm@...ssion.com (Eric W. Biederman) To: Djalal Harouni <tixxdz@...ndz.org> Cc: linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com, Andrew Morton <akpm@...ux-foundation.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Al Viro <viro@...iv.linux.org.uk>, Alexey Dobriyan <adobriyan@...il.com>, Vasiliy Kulikov <segoon@...nwall.com>, Kees Cook <keescook@...omium.org>, Solar Designer <solar@...nwall.com>, WANG Cong <xiyou.wangcong@...il.com>, James Morris <james.l.morris@...cle.com>, Oleg Nesterov <oleg@...hat.com>, linux-security-module@...r.kernel.org, linux-fsdevel@...r.kernel.org, Alan Cox <alan@...rguk.ukuu.org.uk>, Greg KH <gregkh@...uxfoundation.org>, Ingo Molnar <mingo@...e.hu>, Stephen Wilson <wilsons@...rt.ca>, "Jason A. Donenfeld" <Jason@...c4.com> Subject: Re: [PATCH 0/9] proc: protect /proc/<pid>/* files across execve Djalal Harouni <tixxdz@...ndz.org> writes: > Procfs files and other important objects may contain sensitive information > which must not be seen, inherited or processed across execve. So I am dense. /proc/<pid>/mem was special in that it uses a different set of checks than other files, and to do those access checks /proc/<pid>/mem needed to look at exec_id. For all of the access checks that are not written in that silly way. What is wrong with ptrace_may_access run at every read/write of a file? We redo all of the permission checks every time so that should avoid races. I really think you are trying to solve something that is not broken. Certainly I could not see your argument for why anything but /proc/<pid>/mem needs attention. Eric
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.